PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

By Andrey Karpov | Jul 27, 2020 07:24 AM | Tags: static code analysis sast pvs-studio devops azure devops

Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

by Alexey Govorov

From the article:

The result is a build system based on MSBuild for C++, with Chocolatey for installing PVS-Studio, CMake, and Git. Vcpkg is built for convenient management of the libraries that the project depends on. Also, we have to download the latest version of the Azure Pipelines Agent. To initialize the agent from the ENTRYPOINT Docker file, the PowerShell script 'entrypoint.ps1' is called, to which you need to add the URL of the project's "organization", the token of the agent pool, and the PVS-Studio license parameters....

Initial Support For C++20 Ranges--Casey Carter

By Adrien Hamelin | Jul 16, 2020 12:47 PM | Tags: community

Ready to try them?

Initial Support For C++20 Ranges

by Casey Carter

From the article:

We are happy to announce that Visual Studio 2019 version 16.6 contains the first user-visible pieces of C++20 Ranges support. We’ve been working on support machinery for a few releases now, but in this release the tip of the iceberg has finally broken the surface of the water and there are now some tools available for users. The Ranges implementation critically depends on C++ Concepts, and as such is usable with both MSVC and Clang in their C++20 Preview modes but not yet well-supported by IntelliSense. (Don’t worry, we’ll have proper IntelliSense support soon.)...

C++20 Features and Fixes in VS 2019 16.1 through 16.6--Stephan T. Lavavej

By Adrien Hamelin | Jul 8, 2020 01:26 PM | Tags: community

Did you get up to date?

C++20 Features and Fixes in VS 2019 16.1 through 16.6

by Stephan T. Lavavej

From the article:

We’ve been busy implementing C++20 features in MSVC’s compiler and Standard Library, and migrating the latter to microsoft/STL on GitHub – in fact, we’ve been so busy that we haven’t posted a C++ toolset changelog since the VS 2019 16.0 toolset changelog. So, here are the compiler features and STL features/fixes that have shipped for production use in the last year.

As a reminder, the /std:c++17 and /std:c++latest compiler options are necessary to use C++17 and C++20 features...

PVS-Studio is now in Compiler Explorer!

By Andrey Karpov | Jul 6, 2020 04:39 AM | Tags: static code analysis pvs-studio godbolt compiler explorer

Now you can quickly and easily analyze the code for errors right on the godbolt.org site (Compiler Explorer). This feature opens up a large number of new possibilities – from quenching curiosity about the analyzer's abilities to being able to quickly share check results with a friend. Caution – GIFs!

PVS-Studio is now in Compiler Explorer

by George Gribkov

From the article:

If you want to see the output of your program, you can open the execution window by clicking "Add new... - > Execution only" in the code editor (not in the compiler window). In the gif below, you can see the output of the lab work taken from our page about free usage of PVS-Studio by students and teachers.

SonarQube / SonarCloud Improved Analysis -- Alexandre Gigleux

By ganncamp | Jul 2, 2020 01:50 PM | Tags: None

With recent releases SonarQube and SonarCloud offer expanded compiler support and additional security-related rules.

Improved C/C++ analysis

By Alexandre Gigleux

From the article:

There are tons of C/C++ compilers out there and we always get many requests by many users about additional compilers support. We listened and added the support of 10+ compilers to allow more developers to benefit from our C/C++ rules.

We want to help C/C++ developers to deliver code in production without vulnerabilities and more precisely we want to avoid buffer overflow to be exploited by hackers. This is why we implemented 4 rules looking at APIs that could be badly used and that open the door to buffer overflow attacks

ModernCppStarter & PVS-Studio Static Code Analyzer

By Andrey Karpov | Jun 29, 2020 10:09 AM | Tags: pvs-studio moderncppstarter modern c++ devsecops code quality

One of the ways to improve software quality is to check source code with static analysis tools. This section explains how to use the PVS-Studio analyzer to check projects built on ModernCppStarter. We provide a free license for open-source projects.

ModernCppStarter & PVS-Studio Static Code Analyzer

by PVS-Studio Team

From the article:

plog-converter will convert the report into the errorfile format (similar to GCC's messages), which can be conveniently viewed in a terminal window and the IDE. You can also have the report converted to an HTML file by using the -t fullhtml flag. Use the flags -a and -d to filter diagnostics. Run the plog-converter --help command to view the full list of available options.

Transforming C to C++

By zebedee | Jun 23, 2020 01:10 PM | Tags: None

New video on using the latest version of DeepEnds.

Transforming C to C++

by Zeb Mason

About the video:

Performs a clustering analysis on a C call graph then manipulates it within Visual Studio to prototype a class.

Creating traditional Visual Studio sln from CMake

By zebedee | Jun 17, 2020 01:16 PM | Tags: None

CMakeToVisualStudio parses CMake files to create a Visual Studio solution.

CMakeToVisualStudio

by Zeb Mason

About the release

CMakeToVisualStudio parses CMakeLists.txt and CMakeCache.txt files and creates a traditional Visual Studio solution from templated XML:

• Might not build properly
• Might be sufficient to work with historical tooling for Visual Studio
• LGPL v2.1 set of libraries for reading CMake and Visual Studio projects and writing Visual C++ solutions

DeepEnds Release 3.0.1 for free

By zebedee | Jun 15, 2020 11:30 AM | Tags: None

CycleRouter Ltd is pleased to announce a new release of our dependency analysis tool.

DeepEnds Release 3.0.1

About the release:

DeepEnds 3.0.1 analyses code for coupling and cohesion and deletes redundant code. It is a Windows program that integrates with Visual Studio.

It is free to use until the end of August 2020.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

By Andrey Karpov | Jun 8, 2020 11:12 AM | Tags: static code analysis pvs-studio godbolt compiler explorer bugs

We have added an option allowing you to experiment with the PVS-Studio static analyzer on the godbolt.org (Compiler Explorer) website. It supports analysis of C and C++ code.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

by Andrey Karpov

From the article:

This may be promising from the perspective of satisfying one's curiosity, writing articles, and so on. But there's a downside to it too: rather than using synthetic examples to explore or try out the tool, people may start relying on them to evaluate and compare it against other analyzers. And this is a very bad approach because the results will be unreliable and dependent on how the test examples are written.